public ManagedDecryptorPal(
byte[] dataCopy,
EnvelopedDataAsn envelopedDataAsn,
RecipientInfoCollection recipientInfos)
: base(recipientInfos)
{
_dataCopy = dataCopy;
_envelopedData = envelopedDataAsn;
}
internal static DecryptorPalWindows Decode(
ReadOnlySpan <byte> encodedMessage,
out int version,
out ContentInfo contentInfo,
out AlgorithmIdentifier contentEncryptionAlgorithm,
out X509Certificate2Collection originatorCerts,
out CryptographicAttributeObjectCollection unprotectedAttributes
)
{
SafeCryptMsgHandle hCryptMsg = Interop.Crypt32.CryptMsgOpenToDecode(MsgEncodingType.All, 0, 0, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
if (hCryptMsg == null || hCryptMsg.IsInvalid)
{
throw Marshal.GetLastWin32Error().ToCryptographicException();
}
if (!Interop.Crypt32.CryptMsgUpdate(
hCryptMsg,
ref MemoryMarshal.GetReference(encodedMessage),
encodedMessage.Length,
fFinal: true))
{
throw Marshal.GetLastWin32Error().ToCryptographicException();
}
CryptMsgType cryptMsgType = hCryptMsg.GetMessageType();
if (cryptMsgType != CryptMsgType.CMSG_ENVELOPED)
{
throw ErrorCode.CRYPT_E_INVALID_MSG_TYPE.ToCryptographicException();
}
version = hCryptMsg.GetVersion();
contentInfo = hCryptMsg.GetContentInfo();
AlgorithmIdentifierAsn contentEncryptionAlgorithmAsn;
using (SafeHandle sh = hCryptMsg.GetMsgParamAsMemory(CryptMsgParamType.CMSG_ENVELOPE_ALGORITHM_PARAM))
{
unsafe
{
CRYPT_ALGORITHM_IDENTIFIER *pCryptAlgorithmIdentifier = (CRYPT_ALGORITHM_IDENTIFIER *)(sh.DangerousGetHandle());
contentEncryptionAlgorithm = (*pCryptAlgorithmIdentifier).ToAlgorithmIdentifier();
contentEncryptionAlgorithmAsn.Algorithm = contentEncryptionAlgorithm.Oid.Value !;
contentEncryptionAlgorithmAsn.Parameters = (*pCryptAlgorithmIdentifier).Parameters.ToByteArray();
}
}
originatorCerts = hCryptMsg.GetOriginatorCerts();
unprotectedAttributes = hCryptMsg.GetUnprotectedAttributes();
RecipientInfoCollection recipientInfos = CreateRecipientInfos(hCryptMsg);
return(new DecryptorPalWindows(hCryptMsg, recipientInfos, contentEncryptionAlgorithmAsn));
}
public static void TestCopyToOffset()
{
RecipientInfoCollection col = CreateTestCollection();
RecipientInfo[] recipients = new RecipientInfo[6];
col.CopyTo(recipients, 2);
Assert.Null(recipients[0]);
Assert.Null(recipients[1]);
Assert.Null(recipients[5]);
ValidateMembers(recipients.Skip(2).Take(3));
}
public static void PostDecrypt_Decrypt()
{
byte[] expectedContent = { 6, 3, 128, 33, 44 };
byte[] encodedMessage =
("308202b006092a864886f70d010703a08202a13082029d020100318202583081c5020100302e301a31183016060355040313"
+ "0f5253414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d010101050004"
+ "81801026d9fb60d1a55686b73cf859c8bd66b58defda5e23e3da5f535f1427e3c5f7a4a2a94373e8e3ba5488a7c6a1059bfb"
+ "57301156698e7fca62671426d388fb3fb4373c9cb53132fda067598256bbfe8491b14dadaaf04d5fdfb2463f358ad0d6a594"
+ "bf6a4fbab6b3d725f08032e601492265e6336d5a638096f9975025ccd6393081c5020100302e301a31183016060355040313"
+ "0f5253414b65795472616e736665723202102bce9f9ece39f98044f0cd2faa9a14e7300d06092a864886f70d010101050004"
+ "8180b6497a2b789728f200ca1f974a676c531a4769f03f3929bd7526e7333ea483b4abb530a49c8532db5d4a4df66f173e3e"
+ "a4ba9e4814b584dc987ac87c46bb131daab535140968aafad8808100a2515e9c6d0c1f382b024992ce36b70b841628e0eb43"
+ "4db89545d702a8fbd3403188e7de7cb4bc1dcc3bc325467570654aaf2ee83081c5020100302e301a31183016060355040313"
+ "0f5253414b65795472616e736665723302104497d870785a23aa4432ed0106ef72a6300d06092a864886f70d010101050004"
+ "81807517e594c353d41abff334c6162988b78e05df7d79457c146fbc886d2d8057f594fa3a96cd8df5842c9758baac1fcdd5"
+ "d9672a9f8ef9426326cccaaf5954f2ae657f8c7b13aef2f811adb4954323aa8319a1e8f2ad4e5c96c1d3fbe413ae479e471b"
+ "b701cbdfa145c9b64f5e1f69f472804995d56c31351553f779cf8efec237303c06092a864886f70d010701301d0609608648"
+ "01650304012a041023a114c149d7d4017ce2f5ec7c5d53f980104e50ab3c15533743dd054ef3ff8b9d83").HexToByteArray();
EnvelopedCms ecms = new EnvelopedCms();
ecms.Decode(encodedMessage);
using (X509Certificate2 cert1 = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey())
using (X509Certificate2 cert2 = Certificates.RSAKeyTransfer2.TryGetCertificateWithPrivateKey())
using (X509Certificate2 cert3 = Certificates.RSAKeyTransfer3.TryGetCertificateWithPrivateKey())
{
if (cert1 == null || cert2 == null || cert3 == null)
{
return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can.
}
X509Certificate2Collection extraStore = new X509Certificate2Collection();
extraStore.Add(cert1);
extraStore.Add(cert2);
extraStore.Add(cert3);
RecipientInfoCollection r = ecms.RecipientInfos;
ecms.Decrypt(r[0], extraStore);
ContentInfo contentInfo = ecms.ContentInfo;
Assert.Equal <byte>(expectedContent, contentInfo.Content);
// Though this doesn't seem like a terribly unreasonable thing to attempt, attempting to call Decrypt() again
// after a successful Decrypt() throws a CryptographicException saying "Already decrypted."
Assert.ThrowsAny <CryptographicException>(() => ecms.Decrypt(r[1], extraStore));
}
}
public static void PostDecrypt_Encode(bool useExplicitPrivateKey)
{
byte[] expectedContent = { 6, 3, 128, 33, 44 };
EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(expectedContent));
ecms.Encrypt(new CmsRecipient(Certificates.RSAKeyTransfer1.GetCertificate()));
byte[] encodedMessage =
("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253"
+ "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d010101050004818067"
+ "6bada56dcaf2e65226941242db73b5a5420a6212cd6af662db52fdc0ca63875cb69066f7074da0fc009ce724e2d73fb19380"
+ "2deea8d92b069486a41c7c4fc3cd0174a918a559f79319039b40ae797bcacc909c361275ee2a5b1f0ff09fb5c19508e3f5ac"
+ "051ac0f03603c27fb8993d49ac428f8bcfc23a90ef9b0fac0f423a302b06092a864886f70d010701301406082a864886f70d"
+ "0307040828dc4d72ca3132e48008546cc90f2c5d4b79").HexToByteArray();
ecms.Decode(encodedMessage);
using (X509Certificate2 cer = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey())
{
if (cer == null)
{
return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can.
}
RecipientInfoCollection r = ecms.RecipientInfos;
if (useExplicitPrivateKey)
{
#if NETCOREAPP
ecms.Decrypt(r[0], cer.GetRSAPrivateKey());
#else
Assert.True(false, "Should not run on this platform");
#endif
}
else
{
X509Certificate2Collection extraStore = new X509Certificate2Collection(cer);
ecms.Decrypt(r[0], extraStore);
}
// Desktop compat: Calling Encode() at this point should have thrown an InvalidOperationException. Instead, it returns
// the decrypted inner content (same as ecms.ContentInfo.Content). This is easy for someone to take a reliance on
// so for compat sake, we'd better keep it.
byte[] encoded = ecms.Encode();
Assert.Equal <byte>(expectedContent, encoded);
}
}
public void EncryptToNegativeSerialNumber()
{
CertLoader negativeSerial = Certificates.NegativeSerialNumber;
const string expectedSerial = "FD319CB1514B06AF49E00522277E43C8";
byte[] content = { 1, 2, 3 };
ContentInfo contentInfo = new ContentInfo(content);
EnvelopedCms cms = new EnvelopedCms(contentInfo);
using (X509Certificate2 cert = negativeSerial.GetCertificate())
{
Assert.Equal(expectedSerial, cert.SerialNumber);
CmsRecipient recipient = new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, cert);
cms.Encrypt(recipient);
}
EnvelopedCms cms2 = new EnvelopedCms();
cms2.Decode(cms.Encode());
RecipientInfoCollection recipients = cms2.RecipientInfos;
Assert.Equal(1, recipients.Count);
RecipientInfo recipientInfo = recipients[0];
Assert.Equal(SubjectIdentifierType.IssuerAndSerialNumber, recipientInfo.RecipientIdentifier.Type);
X509IssuerSerial issuerSerial = (X509IssuerSerial)recipientInfo.RecipientIdentifier.Value;
Assert.Equal(expectedSerial, issuerSerial.SerialNumber);
using (X509Certificate2 cert = negativeSerial.TryGetCertificateWithPrivateKey())
{
Assert.Equal(expectedSerial, cert.SerialNumber);
cms2.Decrypt(new X509Certificate2Collection(cert));
}
Assert.Equal(content, cms2.ContentInfo.Content);
}
private static void VerifyRecipients3(byte[] encodedMessage)
{
string[] expectedIssuers = s_certs.Select(c => c.Issuer).OrderBy(s => s).ToArray();
EnvelopedCms ecms = new EnvelopedCms();
ecms.Decode(encodedMessage);
RecipientInfoCollection col = ecms.RecipientInfos;
int numRecipients = col.Count;
Assert.Equal(3, numRecipients);
RecipientInfo[] recipients = new RecipientInfo[numRecipients];
col.CopyTo(recipients, 0);
string[] actualIssuers = recipients.Select(r => r.RecipientIdentifier.Value).Cast <X509IssuerSerial>().Select(xis => xis.IssuerName).OrderBy(s => s).ToArray();
Assert.Equal <string>(expectedIssuers, actualIssuers);
}
public static void TestCopyToExceptions()
{
RecipientInfoCollection col = CreateTestCollection();
Assert.Throws <ArgumentNullException>(() => col.CopyTo(null, 0));
RecipientInfo[] recipients = new RecipientInfo[6];
col.CopyTo(recipients, 3);
AssertExtensions.Throws <ArgumentException>("destinationArray", null, () => col.CopyTo(recipients, 4));
Assert.Throws <ArgumentOutOfRangeException>(() => col.CopyTo(recipients, -1));
Assert.Throws <ArgumentOutOfRangeException>(() => col.CopyTo(recipients, 6));
ICollection ic = col;
AssertExtensions.Throws <ArgumentException>(null, () => ic.CopyTo(recipients, 4));
Assert.Throws <ArgumentOutOfRangeException>(() => ic.CopyTo(recipients, -1));
Assert.Throws <ArgumentOutOfRangeException>(() => ic.CopyTo(recipients, 6));
Assert.Throws <ArgumentOutOfRangeException>(() => ic.CopyTo(recipients, 6));
AssertExtensions.Throws <ArgumentException>(null, () => ic.CopyTo(new RecipientInfo[2, 2], 0));
}
public static void ReuseEnvelopeCmsDecodeThenEncode()
{
byte[] encodedMessage =
("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253"
+ "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d01010105000481805e"
+ "bb2d08773594be9ec5d30c0707cf339f2b982a4f0797b74d520a0c973d668a9a6ad9d28066ef36e5b5620fef67f4d79ee50c"
+ "25eb999f0c656548347d5676ac4b779f8fce2b87e6388fbe483bb0fcf78ab1f1ff29169600401fded7b2803a0bf96cc160c4"
+ "96726216e986869eed578bda652855c85604a056201538ee56b6c4302b06092a864886f70d010701301406082a864886f70d"
+ "030704083adadf63cd297a86800835edc437e31d0b70").HexToByteArray();
EnvelopedCms ecms = new EnvelopedCms();
ecms.Decode(encodedMessage);
using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
{
CmsRecipient cmsRecipient = new CmsRecipient(cert);
ecms.Encrypt(cmsRecipient);
}
encodedMessage = ecms.Encode();
ecms.Decode(encodedMessage);
RecipientInfoCollection recipients = ecms.RecipientInfos;
Assert.Equal(1, recipients.Count);
RecipientInfo recipientInfo = recipients[0];
KeyTransRecipientInfo recipient = recipientInfo as KeyTransRecipientInfo;
Assert.NotNull(recipientInfo);
SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier;
object value = subjectIdentifier.Value;
Assert.True(value is X509IssuerSerial);
X509IssuerSerial xis = (X509IssuerSerial)value;
Assert.Equal("CN=RSAKeyTransfer1", xis.IssuerName);
Assert.Equal("31D935FB63E8CFAB48A0BF7B397B67C0", xis.SerialNumber);
}
public static void PostDecrypt_RecipientInfos()
{
byte[] expectedContent = { 6, 3, 128, 33, 44 };
EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(expectedContent));
ecms.Encrypt(new CmsRecipient(Certificates.RSAKeyTransfer1.GetCertificate()));
byte[] encodedMessage =
("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253"
+ "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d010101050004818067"
+ "6bada56dcaf2e65226941242db73b5a5420a6212cd6af662db52fdc0ca63875cb69066f7074da0fc009ce724e2d73fb19380"
+ "2deea8d92b069486a41c7c4fc3cd0174a918a559f79319039b40ae797bcacc909c361275ee2a5b1f0ff09fb5c19508e3f5ac"
+ "051ac0f03603c27fb8993d49ac428f8bcfc23a90ef9b0fac0f423a302b06092a864886f70d010701301406082a864886f70d"
+ "0307040828dc4d72ca3132e48008546cc90f2c5d4b79").HexToByteArray();
ecms.Decode(encodedMessage);
using (X509Certificate2 cer = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey())
{
if (cer == null)
{
return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can.
}
X509Certificate2Collection extraStore = new X509Certificate2Collection(cer);
RecipientInfoCollection col1 = ecms.RecipientInfos;
ecms.Decrypt(col1[0], extraStore);
// Make sure we can still RecipientInfos after a Decrypt()
RecipientInfoCollection col2 = ecms.RecipientInfos;
Assert.Equal(col1.Count, col2.Count);
RecipientInfo r1 = col1[0];
RecipientInfo r2 = col2[0];
X509IssuerSerial is1 = (X509IssuerSerial)(r1.RecipientIdentifier.Value);
X509IssuerSerial is2 = (X509IssuerSerial)(r2.RecipientIdentifier.Value);
Assert.Equal(is1.IssuerName, is2.IssuerName);
Assert.Equal(is1.SerialNumber, is2.SerialNumber);
}
}
public static void DecodeAllIndefinite()
{
byte[] encrypted = Convert.FromBase64String(
@"
MIAGCSqGSIb3DQEHA6CAMIACAQAxggFXMIIBUwIBADA7MDMxGTAXBgNVBAoMEERh
dGEgSW50ZXJjaGFuZ2UxFjAUBgNVBAMMDVVubyBUZXN0IFJvb3QCBFqG6RQwDQYJ
KoZIhvcNAQEBBQAEggEAUPilAHUe67HG5vDCO/JBmof44G/XnDLtiDrbxD4QekGq
mdPqazZiLDKEewlBy2uFJr/JijeYx6qNKTXs/EShw/lYnKisaK5ue6JZ7ssMunM9
HpkiDfM+iyN7PxnC1riZ/Kg2JExY8pf5R1Zuvu29JSLhM9ajWk9C1pBzQRJ4vkY2
OvFKR2th0Vgw7mTmc2X6HUK4tosB3LGKDVNd6BVoMQMvfkseCqeZOe1KIiBFmhyk
E+B2UZcD6Z6kLnCk4LNGyoyxW6Thv5s/lwP9p7trVVbPXbuep1l8uMCGj6vjTD66
AamEIRmTFvEVHzyO2MGG9V0bM+8UpqPAVFNCXOm6mjCABgkqhkiG9w0BBwEwFAYI
KoZIhvcNAwcECJ01qtX2EKx6oIAEEM7op+R2U3GQbYwlEj5X+h0AAAAAAAAAAAAA
");
EnvelopedCms cms = new EnvelopedCms();
cms.Decode(encrypted);
RecipientInfoCollection recipientInfos = cms.RecipientInfos;
Assert.Equal(1, recipientInfos.Count);
Assert.Equal(
SubjectIdentifierType.IssuerAndSerialNumber,
recipientInfos[0].RecipientIdentifier.Type);
string expectedContentHex = "CEE8A7E4765371906D8C25123E57FA1D";
if (PlatformDetection.IsNetFramework)
{
// .NET Framework over-counts encrypted content.
expectedContentHex += "000000000000";
}
// Still encrypted.
Assert.Equal(
expectedContentHex,
cms.ContentInfo.Content.ByteArrayToHex());
}
public static void TestKeyTransEncryptKey_RsaOaepCertificate_Sha256Parameters()
{
ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
EnvelopedCms ecms = new EnvelopedCms(contentInfo);
using (X509Certificate2 cert = Certificates.RsaOaep2048_Sha256Parameters.GetCertificate())
{
CmsRecipient cmsRecipient = new CmsRecipient(cert);
ecms.Encrypt(cmsRecipient);
}
byte[] encodedMessage = ecms.Encode();
EnvelopedCms ecms2 = new EnvelopedCms();
ecms2.Decode(encodedMessage);
RecipientInfoCollection recipients = ecms2.RecipientInfos;
Assert.Equal(1, recipients.Count);
KeyTransRecipientInfo recipient = Assert.IsType <KeyTransRecipientInfo>(recipients[0]);
Assert.Equal(Oids.RsaOaep, recipient.KeyEncryptionAlgorithm.Oid.Value);
Assert.Equal(s_rsaOaepSha256Parameters, recipient.KeyEncryptionAlgorithm.Parameters);
}
private static KeyTransRecipientInfo EncodeKeyTransl(SubjectIdentifierType type = SubjectIdentifierType.IssuerAndSerialNumber)
{
ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
EnvelopedCms ecms = new EnvelopedCms(contentInfo);
using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
{
CmsRecipient cmsRecipient = new CmsRecipient(type, cert);
ecms.Encrypt(cmsRecipient);
}
byte[] encodedMessage = ecms.Encode();
EnvelopedCms ecms2 = new EnvelopedCms();
ecms2.Decode(encodedMessage);
RecipientInfoCollection recipients = ecms2.RecipientInfos;
Assert.Equal(1, recipients.Count);
RecipientInfo recipientInfo = recipients[0];
Assert.IsType <KeyTransRecipientInfo>(recipientInfo);
return((KeyTransRecipientInfo)recipientInfo);
}
internal DecryptorPal(RecipientInfoCollection recipientInfos)
{
RecipientInfos = recipientInfos;
}
private unsafe void DecryptContent(RecipientInfoCollection recipientInfos, X509Certificate2Collection extraStore)
{
int hr = -2146889717;
if (this.m_safeCryptMsgHandle == null || this.m_safeCryptMsgHandle.IsInvalid)
throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_NoEncryptedMessageToEncode"));
for (int index = 0; index < recipientInfos.Count; ++index)
{
RecipientInfo recipientInfo = recipientInfos[index];
EnvelopedCms.CMSG_DECRYPT_PARAM cmsgDecryptParam = new EnvelopedCms.CMSG_DECRYPT_PARAM();
int num = EnvelopedCms.GetCspParams(recipientInfo, extraStore, ref cmsgDecryptParam);
if (num == 0)
{
CspParameters parameters = new CspParameters();
if (!X509Utils.GetPrivateKeyInfo(cmsgDecryptParam.safeCertContextHandle, ref parameters))
throw new CryptographicException(Marshal.GetLastWin32Error());
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Decrypt);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
switch (recipientInfo.Type)
{
case RecipientInfoType.KeyTransport:
CAPI.CMSG_CTRL_DECRYPT_PARA cmsgCtrlDecryptPara = new CAPI.CMSG_CTRL_DECRYPT_PARA(Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_DECRYPT_PARA)));
cmsgCtrlDecryptPara.hCryptProv = cmsgDecryptParam.safeCryptProvHandle.DangerousGetHandle();
cmsgCtrlDecryptPara.dwKeySpec = cmsgDecryptParam.keySpec;
cmsgCtrlDecryptPara.dwRecipientIndex = recipientInfo.Index;
if (!CAPI.CryptMsgControl(this.m_safeCryptMsgHandle, 0U, 2U, new IntPtr((void*)&cmsgCtrlDecryptPara)))
num = Marshal.GetHRForLastWin32Error();
GC.KeepAlive((object)cmsgCtrlDecryptPara);
break;
case RecipientInfoType.KeyAgreement:
System.Security.Cryptography.SafeCertContextHandle certContextHandle = System.Security.Cryptography.SafeCertContextHandle.InvalidHandle;
KeyAgreeRecipientInfo agreeRecipientInfo = (KeyAgreeRecipientInfo)recipientInfo;
CAPI.CMSG_CMS_RECIPIENT_INFO cmsRecipientInfo = (CAPI.CMSG_CMS_RECIPIENT_INFO)Marshal.PtrToStructure(agreeRecipientInfo.pCmsgRecipientInfo.DangerousGetHandle(), typeof(CAPI.CMSG_CMS_RECIPIENT_INFO));
CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT_PARA agreeDecryptPara = new CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT_PARA(Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_KEY_AGREE_DECRYPT_PARA)));
agreeDecryptPara.hCryptProv = cmsgDecryptParam.safeCryptProvHandle.DangerousGetHandle();
agreeDecryptPara.dwKeySpec = cmsgDecryptParam.keySpec;
agreeDecryptPara.pKeyAgree = cmsRecipientInfo.pRecipientInfo;
agreeDecryptPara.dwRecipientIndex = agreeRecipientInfo.Index;
agreeDecryptPara.dwRecipientEncryptedKeyIndex = agreeRecipientInfo.SubIndex;
if (agreeRecipientInfo.SubType == RecipientSubType.CertIdKeyAgreement)
{
CAPI.CMSG_KEY_AGREE_CERT_ID_RECIPIENT_INFO certIdRecipientInfo = (CAPI.CMSG_KEY_AGREE_CERT_ID_RECIPIENT_INFO)agreeRecipientInfo.CmsgRecipientInfo;
certContextHandle = CAPI.CertFindCertificateInStore(EnvelopedCms.BuildOriginatorStore(this.Certificates, extraStore), 65537U, 0U, 1048576U, new IntPtr((void*)&certIdRecipientInfo.OriginatorCertId), System.Security.Cryptography.SafeCertContextHandle.InvalidHandle);
if (certContextHandle == null || certContextHandle.IsInvalid)
{
num = -2146885628;
break;
}
else
{
CAPI.CERT_INFO certInfo = (CAPI.CERT_INFO)Marshal.PtrToStructure(((CAPI.CERT_CONTEXT)Marshal.PtrToStructure(certContextHandle.DangerousGetHandle(), typeof(CAPI.CERT_CONTEXT))).pCertInfo, typeof(CAPI.CERT_INFO));
agreeDecryptPara.OriginatorPublicKey = certInfo.SubjectPublicKeyInfo.PublicKey;
}
}
else
{
CAPI.CMSG_KEY_AGREE_PUBLIC_KEY_RECIPIENT_INFO keyRecipientInfo = (CAPI.CMSG_KEY_AGREE_PUBLIC_KEY_RECIPIENT_INFO)agreeRecipientInfo.CmsgRecipientInfo;
agreeDecryptPara.OriginatorPublicKey = keyRecipientInfo.OriginatorPublicKeyInfo.PublicKey;
}
if (!CAPI.CryptMsgControl(this.m_safeCryptMsgHandle, 0U, 17U, new IntPtr((void*)&agreeDecryptPara)))
num = Marshal.GetHRForLastWin32Error();
GC.KeepAlive((object)agreeDecryptPara);
GC.KeepAlive((object)certContextHandle);
break;
default:
throw new CryptographicException(-2147483647);
}
GC.KeepAlive((object)cmsgDecryptParam);
}
if (num == 0)
{
uint cbData = 0U;
SafeLocalAllocHandle pvData = SafeLocalAllocHandle.InvalidHandle;
PkcsUtils.GetParam(this.m_safeCryptMsgHandle, 2U, 0U, out pvData, out cbData);
if (cbData > 0U)
{
Oid contentType = PkcsUtils.GetContentType(this.m_safeCryptMsgHandle);
byte[] numArray = new byte[(IntPtr)cbData];
Marshal.Copy(pvData.DangerousGetHandle(), numArray, 0, (int)cbData);
this.m_contentInfo = new ContentInfo(contentType, numArray);
}
pvData.Dispose();
hr = 0;
break;
}
else
hr = num;
}
if (hr != 0)
throw new CryptographicException(hr);
}
public static void TestGetEnumerator()
{
RecipientInfoCollection col = CreateTestCollection();
ValidateMembers(col.GetEnumerator());
}
public static void TestCount()
{
RecipientInfoCollection col = CreateTestCollection();
Assert.Equal(3, col.Count);
}
internal RecipientInfoEnumerator(RecipientInfoCollection RecipientInfos)
{
this.m_recipientInfos = RecipientInfos;
this.m_current = -1;
}
private DecryptorPalWindows(SafeCryptMsgHandle hCryptMsg, RecipientInfoCollection recipientInfos)
: base(recipientInfos)
{
_hCryptMsg = hCryptMsg;
}
